mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-06 01:25:20 +00:00
27 lines
1.1 KiB
Plaintext
27 lines
1.1 KiB
Plaintext
table_name("users")
|
|
description("Local user accounts (including domain accounts that have logged on locally (Windows)).")
|
|
schema([
|
|
Column("uid", BIGINT, "User ID", index=True),
|
|
Column("gid", BIGINT, "Group ID (unsigned)"),
|
|
Column("uid_signed", BIGINT, "User ID as int64 signed (Apple)"),
|
|
Column("gid_signed", BIGINT, "Default group ID as int64 signed (Apple)"),
|
|
Column("username", TEXT, "Username", additional=True),
|
|
Column("description", TEXT, "Optional user description"),
|
|
Column("directory", TEXT, "User's home directory"),
|
|
Column("shell", TEXT, "User's configured default shell"),
|
|
Column("uuid", TEXT, "User's UUID (Apple) or SID (Windows)", index=True),
|
|
])
|
|
extended_schema(WINDOWS, [
|
|
Column("type", TEXT, "Whether the account is roaming (domain), local, or a system profile"),
|
|
])
|
|
|
|
extended_schema(DARWIN, [
|
|
Column("is_hidden", INTEGER, "IsHidden attribute set in OpenDirectory")
|
|
])
|
|
implementation("users@genUsers")
|
|
examples([
|
|
"select * from users where uid = 1000",
|
|
"select * from users where username = 'root'",
|
|
"select count(*) from users u, user_groups ug where u.uid = ug.uid",
|
|
])
|